** '''Location''': KPMG 39th Floor, One Canada Sq, E14 5AG, starting at 7pm (arrive between 6.30pm and 7pm), ending by 9pm. KPMG are sponsoring the meeting. Complimentary drinks will be provided. '''IMPORTANT: You must RSVP if you want to attend.'''

'''James Fisher: DirBuster & Beyond'''

An introduction to the DirBuster project, detailing how it works, what it can do for you, and the direction it will be taking in the future. Followed by an introduction to my unreleased project FuzzBuster, showing why it's different to other HTTP fuzzers out there.

This presentation aims to demonstrate a pioneering way of authenticating on a web-site, by means of accessing the login interface via port knocking.

As Single Packet Authorization is beginning to mature as a subject discipline, attaching a time window of opportunity towards the ability of logging in to a web-site adds an extra layer of security, well beyond the remit of the application layer.

In this presentation, the basic concept will be presented, a system description given, as well as a detailed outline of the tools used to develop this type of web authentication.

Revision as of 06:28, 9 September 2008

OWASP London

Welcome to the London chapter homepage. The chapter leader is Ivan Ristic (since Apr 2007). Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Future Events

Thursday, December 4th TO BE CONFIRMED

Location: KPMG 39th Floor, One Canada Sq, E14 5AG, starting at 7pm (arrive between 6.30pm and 7pm), ending by 9pm. KPMG are sponsoring the meeting. Complimentary drinks will be provided. IMPORTANT: You must RSVP if you want to attend.

Past Events

Thursday, July 24th

Location: Auriol Kensington Rowing Club (map), starting at 7pm (arrive between 6.30pm and 7pm). Breach Security is sponsoring the meeting by paying for the costs of the venue.

We are going to use the downstairs room, which you can access from the back of the pub.

Presentations:

by Dinis Cruz (Chief OWASP Evangelist):

OWASP, the Open Web Application Security Project 30m - The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. All of the OWASP tools, documents, blogs, and chapters are free and open to anyone interested in improving application security. In this presentation Dinis will show the latest guides and tools from OWASP which should be part of every company's security efforts.

Buffer Overflows on .Net and Asp.Net 30m - One of the common myths about the .Net Framework is that it is immune to Buffer Overflows. Although this might be correct in pure managed and verifiable .Net code, a large percentage of .Net and Asp.Net application code is unmanaged code. In this talk Dinis will show the areas in .Net and Asp.Net applications that are vulnerable to Buffer Overflows (including the demo of a .Net Buffer Overflow Fuzzer).

0wning Vista's userland - The CAS / UAC missed opportunity, and what I think MS should have done - In this presentation Dinis will explore the missed opportunity by Microsoft to use technologies like .Net's CAS (Code Access Security) and Vista's UAC (User Access Control) to create secure and trustworthy userland environments that protect the user's assets. In the hope that it might make a small difference, ideas and solutions for the future will also be presented.